Interpreter allows overwriting NaN (with lazy standard classes)

RESOLVED FIXED

Status

Core
JavaScript Engine
6 years ago
5 years ago

People

(Reporter: Jesse Ruderman, Unassigned)

Tracking

({testcase})

Trunk
x86_64
Mac OS X

Description

6 years ago
print(evalcx('lazy').eval("NaN = 2; NaN;"));

./js            2
./js -a -m      NaN

I noticed this while investigating bug 743423. Might be related.

Comment 1

autoBisect shows this is probably related to the following changeset:

The first good revision is:
changeset:   117329:0ce29ce2ea7c
user:        Jeff Walden
date:        Wed Dec 19 19:32:34 2012 -0500
summary:     Bug 824217 - Remove some easy-to-remove tests of JSRESOLVE_ASSIGNING.  r=bz

Waldo, is this a possible fix?
Flags: needinfo?(jwalden+bmo)

Comment 2

5 years ago
Er.  Did you mean to ask in comment 1 if that change fixed this?  Because, looking at it, I suspect it did.
Flags: needinfo?(jwalden+bmo)
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
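
Added example, not part of the original bug report: a JavaScript regression check for the behaviour the testcase expects, namely that assigning to NaN leaves it unchanged. It generalizes to the other two read-only global value properties (Infinity and undefined); the helper names and the use of indirect eval in place of the shell's evalcx are assumptions of this example.

```javascript
// Added regression check (not from the bug report). The global value
// properties NaN, Infinity and undefined must be read-only and
// non-configurable, so "NaN = 2; NaN;" has to evaluate to NaN.
const IMMUTABLE_GLOBALS = ['NaN', 'Infinity', 'undefined'];

// Indirect eval runs the source as global code, sloppy unless the source
// opts into strict mode. Assumption: this stands in for evalcx(...).eval().
const globalEval = (src) => (0, eval)(src);

// Returns a list of human-readable failures for one global (empty = pass).
function checkImmutableGlobal(name) {
  const failures = [];
  const original = globalThis[name];

  // 1. The property itself must be locked down.
  const desc = Object.getOwnPropertyDescriptor(globalThis, name);
  if (!desc || desc.writable || desc.configurable || desc.enumerable) {
    failures.push(`${name}: descriptor is not read-only and non-configurable`);
  }

  // 2. Sloppy-mode assignment must be silently ignored (the bug's testcase).
  const sloppy = globalEval(`${name} = 2; ${name};`);
  if (!Object.is(sloppy, original)) {
    failures.push(`${name}: sloppy assignment changed the value to ${sloppy}`);
  }

  // 3. Strict-mode assignment must throw a TypeError.
  let threwTypeError = false;
  try {
    globalEval(`"use strict"; ${name} = 2;`);
  } catch (e) {
    threwTypeError = e instanceof TypeError;
  }
  if (!threwTypeError) {
    failures.push(`${name}: strict assignment did not throw TypeError`);
  }

  // 4. After both attempts the global must still hold its original value.
  if (!Object.is(globalThis[name], original)) {
    failures.push(`${name}: global value was overwritten`);
  }
  return failures;
}

// Runs the check over all three read-only global value properties.
function checkAllImmutableGlobals() {
  return IMMUTABLE_GLOBALS.flatMap(checkImmutableGlobal);
}
```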